Configuring Web Reverse Proxy

At this point, the Unified Access Gateway has been deployed and you have accessed the Unified Access Gateway Admin Console.  This exercise will teach you how the Unified Access Gateway can be used as a Web Reverse Proxy.

1. Access Reverse Proxy Settings

Acessing Reverse Proxy Settings
  1. Click the Show toggle by Edge Service Settings. After you click it, it will switch to Hide.
  2. Click the Gear icon next to Reverse Proxy Settings.

1.1. Add Reverse Proxy Settings

Adding Reverse Proxy Settings

Click Add to create a new reverse proxy settings that will be use to access the Intranet.

1.2. Define Features Used by Reverse Proxy

Enabling Reverse Proxy Settings

In this step, click Enable Reverse Proxy Settings only. The toggle will switch to YES.

The Unified Access Gateway identity bridging feature can be configured to provide single sign-on (SSO) to legacy Web applications that use Kerberos Constrained Delegation (KCD) or header-based authentication. You will NOT enable that feature for this lab, but other modules will review this feature if you are interested in learning more.

1.3. Config Intranet Reverse Proxy Settings

Configuring Intranet settings for Reverse Proxy
  1. Enter intranet for the Instance Id, which is a unique name to identify and differentiate a web reverse proxy instance from all other web reverse proxy instances.
  2. Enter http://intranet.corp.local for the Proxy Destination URL, which represents the address of the web application.
  3. Enter (|/intranet(.*)|) for the Proxy Pattern, which specifies that the matching URI paths will forward to the destination URL.
  4. Click Save.

Additional parameters can be configured for this type of reverse proxy, more information available here.

1.4. Close the Reverse Proxy Settings

Configuration saved sucessfully

Click Close.

2. Validating Reverse Proxy Configuration

Validating reverse proxy configuration for intranet
  1. Click on the arrow down for the Reverse Proxy Settings.
  2. Click on the refresh icon for the Edge Service Settings.
  3. Confirm the intranet proxy status is GREEN.

After you added the reverse proxy settings for intranet, the Unified Access Gateway appliance tests the communication between the appliance and the intranet endpoint.  The status turns GREEN if a connection is possible, otherwise it will show RED.

NOTE - It may take a few minutes for the intranet proxy to show as GREEN.  If you do not see it, click the refresh icon in Step #2 until you see the status change to either GREEN or RED.

3. Accessing Intranet through Reverse Proxy

Intranet access through Reverse Proxy
  1. Click the New Tab button to open a new tab.
  2. Enter https://uag-internet.corp.local/intranet/ in the address bar and press ENTER.
    NOTE: uag-internet.corp.local resolves to 192.168.110.160, which is the IP address associated with the Unified Access Gateway internet-facing NIC that you configured as part of the deployment through the PowerShell script.
  3. Confirm that the sample Intranet site is displayed.

For further clarification about the traffic routing to the Unified Access Gateway:

  • Access to the Intranet is going to the Unified Access Gateway over port 443 as a result of the TLS port sharing configuration enabled by default during deployment.
  • Access to the Admin Console is going to the Unified Access Gateway port 9443 and IP 192.168.120.160, which is the IP associated with the intranet-facing NIC that you configured as part of the deployment through the PowerShell script.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.